Main Vulnerability Database SB20241112127

SB20241112127 - Environment manipulation via query string in Laravel

Published: November 12, 2024 Updated: June 20, 2025

Security Bulletin ID SB20241112127

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2024-52301)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the application allows environment variable manipulation when the register_argc_argv php directive is set to on. A remote attacker can query any URL with a special crafted query string and alter values of environment variables. This can result in disclosure of sensitive information and potential unauthorized data manipulation.

Remediation

Install update from vendor's website.

References

https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h